I am trying to fetch the list of resources present in my Azure Resource Group.
To do that, I got an access token by registering one app in Azure AD using the client_credentials flow.
But when I am using that token to query like below, I'm getting 401 Unauthorized - Authentication failed error.
Query that I used:
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/resources?api-version=2021-04-01
I have owner access to all my resources, but why am I getting a 401 Unauthorized error? Is there any step that I missed?
Can anyone point me to the right path?
I came to know I have to give API permissions for Azure Service Management.
After giving user_impersonation, I changed the scope to https://management.azure.com/.default and got access token.
Using this token, I successfully got the list of resources without any errors.
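An added example, not part of the original posts: when a token is rejected with 401 by an API such as management.azure.com, decoding its payload and comparing the `aud` claim with the resource behind the `/.default` scope shows whether it was issued for that API at all. The sample tokens are constructed and unsigned, and the Graph audience in the first one is an assumption, since the question does not say which scope was requested originally.

```python
import base64
import json
import time

def jwt_claims(token):
    """Decode the payload of a JWT without verifying it (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_for_scope(scope):
    """Resource identifier implied by a '<resource>/.default' scope."""
    suffix = "/.default"
    if not scope.endswith(suffix):
        raise ValueError("expected a '<resource>/.default' scope")
    return scope[: -len(suffix)]

def diagnose(token, api_scope, now=None):
    """Return the reasons this token would be rejected by the API behind api_scope."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    want = audience_for_scope(api_scope).rstrip("/")
    got = str(claims.get("aud", "")).rstrip("/")
    if got != want:
        problems.append(f"aud is {got!r}, API expects {want!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

ARM_SCOPE = "https://management.azure.com/.default"
# Constructed samples: one token issued for Microsoft Graph, one for Azure Resource Manager.
graph_token = make_sample_token({"aud": "https://graph.microsoft.com", "exp": 2000000000})
arm_token = make_sample_token({"aud": "https://management.azure.com", "exp": 2000000000})

if __name__ == "__main__":
    print(diagnose(graph_token, ARM_SCOPE, now=1700000000))  # audience mismatch
    print(diagnose(arm_token, ARM_SCOPE, now=1700000000))    # no problems
```

The decode step skips signature verification on purpose, so it is only suitable for inspecting a token you already hold, never for deciding whether to trust one.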
Related
I'm trying to set up Azure AD SSO to authorise users to log into AWS. I believe I have things mostly set up, I get the Microsoft login option & after logging in I get the error Invalid request 401 - error getting token.
I've tried everything I can find that might be wrong but to no avail, does anyone have any clue as to what might be misconfigured?
I am trying to get ID token and Refresh token along with access token from Azure AD app via Postman by using below parameters:
GET
https://login.microsoftonline.com/mytenant_id/oauth2/v2.0/token
client_id='myclient_id'
&client_secret='myclient_secret'
&grant_type=authorization_code
&scope=https://graph.microsoft.com/.default
&redirect_uri=https://jwt.ms
I am able to get the access token, but not sure why I am not getting ID token and Refresh token along with it.
At first, I tried with client_credentials flow, but I came to know I have to use auth code flow or OpenID Connect in order to get those tokens.
So I shifted to auth code flow. But still I'm getting access token only :(
I have also enabled the below options in the Portal
What else settings are needed to get the tokens? Any suggestions would be appreciated.
Edited:
I have given below API permissions:
Please note that, getting ID token and Refresh token along with access token depends on the scope/API permissions you grant to the application as mentioned in this MsDoc.
I tried to reproduce the same in my environment and added scopes like below:
After adding the openid and offline_access in the scope, I got all tokens successfully like below:
I'm following this tutorial here to attempt to authenticate using Token Based Authentication with Netsuite:
through postman using Netsuite's Postman environment, but I continue to receive "401 Invalid login attempt".
When I check the Login Audit Trail, I see that there is no role being assigned to my authentication attempts -- it's just blank. To me, this indicates that the token is not properly assigned to the User/Role, but I've walked through the directions several times and everything appears to be set up properly.
I've seen other similar posts about this, but those seem to boil down to the Netsuite Account ID formatting. However, my Netsuite Account ID is all numbers, so I don't think this is a factor.
This should work fine assuming you have created an integration and an access token. Configure Oauth 1.0 in postman with the following fields filled out correctly:
signature method (should be HMAC-256)
consumer key (from the integration you created in netsuite)
consumer secret (from the integration you created in netsuite)
access token (from the access token created in netsuite)
token secret (from the access token created in netsuite)
realm (your account id, if using a sandbox, make sure the realm looks like 1234567_SB1, with an _ and not a -)
You won't be able to complete TBA using postman because using netsuite TBA requires a callback URL that netsuite will redirect you to with the necessary credentials (access token and token secret).
I'm having this exact same issue. I have custom code written in Salesforce APEX that is connecting to NetSuite just fine. We also have a Workato integration that is connecting to NetSuite just fine.
No matter what I do in Postman, I get a 401 Invalid Login response. I'm losing my mind...
I finally got this to work for me. Postman had a request header of "Connection"="keep-alive". Once I removed that it worked fine! Wow.. I've been trying to get this to work for weeks, looking at it every few days for an hour or two. What a frustrating error message "Invalid Login".
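An added example, not part of the original posts: the OAuth 1.0 fields listed in the answer above (consumer key and secret, access token and token secret, realm, HMAC-SHA256 signature method) combined into an `Authorization` header following RFC 5849, so a header produced by Postman can be compared against one computed locally. The URL and credentials are constructed placeholders, and the nonce and timestamp are passed in to keep the output reproducible; a real request needs a fresh nonce and the current time.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, oauth_params):
    """METHOD & encoded base URL & encoded, sorted parameter string."""
    parts = urlsplit(url)
    # Query parameters are signed together with the oauth_* parameters.
    params = list(oauth_params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_url = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def authorization_header(method, url, consumer_key, consumer_secret,
                         token, token_secret, realm, nonce, timestamp):
    """Build the OAuth 1.0 Authorization header signed with HMAC-SHA256."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    # The signing key is built from the two secrets; the realm is sent but never signed.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, oauth).encode()
    digest = hmac.new(key, base, hashlib.sha256).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    fields = [f'realm="{realm}"'] + [f'{k}="{pct(v)}"' for k, v in oauth.items()]
    return "OAuth " + ", ".join(fields)

# Constructed sample values; the URL is a placeholder, not a real NetSuite endpoint.
SAMPLE = dict(method="GET", url="https://host.example/path?limit=1",
              consumer_key="ck", consumer_secret="cs", token="tk",
              token_secret="ts", nonce="n1", timestamp=1700000000)

if __name__ == "__main__":
    print(authorization_header(realm="1234567_SB1", **SAMPLE))
```

Because the realm is outside the signed data, writing it with `-` instead of `_` leaves the signature unchanged, so that mistake cannot be spotted by comparing signatures.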
I added a service provider to WSO2IS and use its secret to get an access token. I then use this access token to call the endpoint https://localhost:9443/t/carbon.super/api/server/v1/tenants, but I am getting a 403 error. The access token is for the admin user, which as far as I can see has all privileges. Why am I getting a forbidden error and how can I fix it?
Follow the steps in https://stackoverflow.com/a/65371473/10055162. If you generated the token without passing the required scopes (in your case internal_list_tenants), you will get 403 Forbidden response from the REST API call.
We are having issues with obtaining access tokens for Sharepoint/Exchange resources for a non-multi-tenant Office365 deployment.
This tenant has an O365-D-vnext (dedicated, not multi-tenant) environment which seems to use different resource endpoints for sharepoint and exchange, and possibly the management APIs as well.
We use the 'client credential flow' (app-only) to authenticate the global admin for this tenant. The authentication went through, and we got back an auth token (which we discard as it’s not applicable in app-only authentication flow) and tenant-id (we verified the tenant id with the customer). We then tried to get tokens for 3 different APIs using
login.microsoftonline.com//oauth2/token
Here is where we are at with this:
1) We were able to get token for
https://graph.windows.net
and access the active directory groups (we should be able to fetch the users as well)
2) We were able to obtain an access token for exchange resource endpoint
https://outlook.office365.com/
but when we tried to use it, we got 404 for users that we know have mailboxes. We are not sure if outlook.office365.com works for O365-D-vnext (dedicated, not multi-tenants) environment.
3) We were able to get token for
https://{tenant}-my.sharepoint.com
but when we tried to use the token to access user’s OneDrive, it returned this error: {"error":"invalid_client","error_description":"Invalid audience Uri 'https://{tenant}-my.sharepoint.com/'}. We were told by our customer that this endpoint would not work for their non-multi-tenant environment.
We subsequently tried a couple of other vanity URIs that the users of this customer use to access their sharepoint onedrive documents. But we were NOT able to get token for the URIs provided by our customers. We received the following error when using these URIs provided:
{"error":"invalid_resource","error_description":"AADSTS50001: The application named https://<tenant-my-site>.com was not found in the tenant named https://<tenant>-my.sharepoint.com/. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: … "error_codes":[50001] …}
Any ideas on how to get access tokens for this type of deployments?